Re: syslog / iptables logging
On 27 Nov 2005 10:39:05 -0800, "Mikhail Zotov" <muxaul@lenta.ru> wrote:
>IIRC, with the stock syslog.conf in Slack 10.0,
>iptables' log messages do go to /var/log/syslog.
Depends on the iptables logging command used, in my setup with 2.4.32:
a) sample Internet noise to /var/log/messages:
MLIMIT="--match limit --limit"
....
# data collection, sample what we're dropping?
iptables -A INPUT -p all $MLIMIT 6/min --limit-burst 6 \
    -j LOG --log-level info --log-prefix "InpDrop: "
           ^^^^^^^^^^^^^^^^.
                           `--> to /var/log/messages
b) /var/log/debug for forwarding failures:
# data collection, check what we're dropping
iptables -A FORWARD -p all \
    -j LOG --log-level debug --log-prefix "ForDrop: "
           ^^^^^^^^^^^^^^^^^.
                            `--> to /var/log/debug
ipfilter (iptables) in 2.6 series has too many bugs turning up to trust,
see changelog for latest stable 2.6.14.3, much of it is iptables repair.
Grant.
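
Added example, not part of the original post: a simplified model of sysklogd-style selector matching, showing why the `--log-level` given to the LOG target decides which file receives the message (LOG output arrives through the kernel log with facility `kern`). The rules in `SAMPLE_RULES` are constructed for illustration and are an assumption, not a copy of any distribution's syslog.conf; the function names are hypothetical.

```python
# Priorities in ascending severity, as syslog orders them.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed selector -> file rules (assumption, for illustration only).
SAMPLE_RULES = [
    ("*.info;*.!warn;mail.none", "/var/log/messages"),
    ("*.warn;mail.none", "/var/log/syslog"),
    ("*.=debug", "/var/log/debug"),
]


def _level(name):
    return PRIORITIES.index(ALIASES.get(name, name))


def selector_matches(selector, facility, priority):
    """Evaluate a semicolon-separated selector list left to right.

    Later parts override earlier ones, so "*.info;*.!warn" means
    "info and above, but not warning and above".
    """
    level = _level(priority)
    matched = False
    for part in selector.split(";"):
        facs, _, pri = part.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue  # this part is about some other facility
        if pri == "none":
            matched = False
        elif pri == "*":
            matched = True
        elif pri.startswith("!="):
            matched = matched and level != _level(pri[2:])
        elif pri.startswith("!"):
            matched = matched and level < _level(pri[1:])
        elif pri.startswith("="):
            matched = matched or level == _level(pri[1:])
        else:
            matched = matched or level >= _level(pri)
    return matched


def destinations(log_level, rules=SAMPLE_RULES, facility="kern"):
    """Files that would receive a kernel message logged at log_level."""
    return [path for sel, path in rules if selector_matches(sel, facility, log_level)]
```

With these sample rules, a rule using `--log-level info` lands in /var/log/messages, `--log-level debug` in /var/log/debug, and the LOG target's default level (warning) in /var/log/syslog.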